Tuesday, September 4, 2007

Malfunctioning Vote-Counting Machines Are ALWAYS A Sign Of Corruption

This is a message from programmers to normal people.

Dear Normal People,

You often hear about voting machine malfunctions, both here in the US and overseas. I think as a computer programmer it's pretty important to point out that voting is not a difficult problem from a technological standpoint. I think pretty much any one of the programmers who read my blog regularly could build an absolutely secure voting machine in a matter of hours, and their only challenge would be staying awake while doing something so incredibly unchallenging and therefore boring.

Every story you see on the news about voter fraud is an instance of corruption at work. There are no exceptions. The only way systems which handle such incredibly simple problems can malfunction so consistently and spectacularly is if they are designed to do so. It's like putting square wheels on a car. Fucking up something that simple is harder than getting it right. It takes effort. It can only happen deliberately.

31 comments:

i'll just point out that with modern cryptography and open-source auditing techniques, we could make voting systems that were secure and auditable (making sure your vote was counted, making sure that every vote corresponds to a real person, making sure a person doesn't vote more than once). this wouldn't be dead-easy like you describe, but would actually be an advancement of the field of verifiable voting.

any other sort of electronic scheme is pure fraud, even if it doesn't appear to malfunction. bringing voting into the electronic domain (where the process can be easily subverted on a wide scale with little oversight) without such cryptographic techniques is negligence in and of itself. all such machines do is defraud the public out of money, and most likely out of democracy.

Putting all the credibility of a system into the electronic data it claims to have stored and retrieved is a quick path to an easy workaround (corruption again). Without freely viewable data storage, there's really no way to guarantee that a vote tally is accurate unless you can match a vote to a part of a count. Some ways to do this include giving each vote a number ([state]-[district]-[vote tally], like CA-27-5672) and treat it like an inventory. Then you'd have to give each person who voted that number so they can check their vote. This might be one of the newer barcodes which fill an area, or just a web site to check for their vote (Long list, ctrl+F to confirm that they were counted). The only problem left is to make sure that votes are not changed or added: This would be a programming aspect; such as comparing attendance at the polling station to how many votes seem to have been cast, and having people check their own votes. While such a system would not be easy or quick to implement, it wouldn't be a challenge or a great expense. However, doing things differently is a strange and fearsome thing to bureaucracy. At some point though, you have to question the dwindling reasons not to enact a transparent system of votes.

While I confess I agree with your main thesis, I believe you are overstating matters. In particular, you seem ignorant of some of the requirements for such a system.

- Votes must be anonymous : there mustn't be a way to determine, after the fact, how anyone cast their vote. If there were such a facility, then thuggish elements would have a means to ensure that you voted as you were told and break, or abstain from breaking, your legs as appropriate.

- So long as the process is being modernized, due consideration should be given to the deaf, the blind, the dumb. Particularly the dumb: Universally usable interfaces are easy only in retrospect on the very rare occasion that they succeed, and damn near impossible otherwise.

- End-to-end security is a hard problem no matter how you choose to slice it. One chink in your armor and the game is over. For example: suppose there is an unnoticed weakness in the section of code that reads the list of candidates and proposals before an election. Such information must be disseminated to all voting machines before the election; any weakness here and some wise-acre billy will write up a virus that carries itself from machine to machine.

You have to divide control. Make one party responsible for counting total votes while another counts votes for each candidate, etc. Allow all people to view a hashed list of all votes so they can verify that theirs is in the list. Since a third party counted total votes no one could add votes to the list and Bob couldn't extract Alice's vote from the list without her key. Just one suggestion. Sure it has holes too.

"I think pretty much any one of the programmers who read my blog regularly could build an absolutely secure voting machine in a matter of hours, and their only challenge would be staying awake while doing something so incredibly unchallenging and therefore boring."

Are you kidding me? Please detail the design of your "absolutely secure voting machine" and how you can make sure it is 100% tamper proof. How will input from the user be made? How will you verify that each user votes once and only once? What sorts of mechanisms will you put into place to let the user know HOW they voted? Will you leave a paper trail or not? What are the inputs and outputs of your system? How do you update the code in your system? How are the machines polled for their final tallies? Do you use a network? Which one? How do you secure it?

The solution is already used daily around the USA by millions of individuals, no need reinventing the wheel...

Are you ready for it . . . ?

When it comes time to vote, the voter can pull up to the gas station, put their credit card in the gas pump and the pump will validate the person, prompt them who they want to vote for while the tank is being filled, then the machine prints a human-readable receipt of the transaction back to the user. It couldn't be simpler. Even has nice big YES/NO buttons and old people know how to use these devices too!

Could throw in a free soda to get young people to vote too! It is not only perfect for people on the go, it would increase voter turnout!

You can be sure that corporations relying on those machines to bring in every fractional cent of income have put the machines through the rigors.

Simple. But that is too easy, and it would prevent Bush winning a third term.

The post might be naive, but not in that it's hard to create a secure and stable voting machine. The naivety is in thinking that the majority of programmers can write anything more complex than "hello world".

In response to "Bush for 3rd Term": This is an interesting idea, but flawed. The anonymous vote factor is completely destroyed every time you use your credit card. You can't vote based on authentication at the gas pump. Not only does it directly link your vote to your identity, it leaves the vote count directly in the hands of the oil companies. Also, as you have already mentioned, you can influence the vote by offering free sodas. So why not offer $5 off that tank of gas by voting for Candidate X?

A lot of folks here are missing the point. You don't have to create an absolutely secure voting system. You just have to create one that works.

Your task: build a user interface and storage system so that every time someone presses the button labeled "Bush" a vote is tallied for Bush, and every time someone presses the button labeled "Kerry" a vote is tallied for Kerry.

Do we think just about any programmer on the planet is capable of building such a system that will accurately report the number of votes for each candidate at the end of the day?

If so, then when someone talks about a vote-counting machine that does NOT reliably report such, it must have been tampered with. It doesn't matter if the votes were encrypted with quantum-string algorithms with keys derived from moon rocks or if the developer used ROT13 - if the system didn't record 10,000 votes for Kerry as 10,000 votes for Kerry (or reports more votes than people actually voted), then SOMEONE FUCKED WITH THE RESULTS.

I do not for a second believe that writing the software for the voting machine can ever be anything other than the simplest of problems [I was going to write: challenge, but it really isn't] for a coder.

The only thing the machine has to do is to record the vote, add to the tally and produce the result. It's an addition.

Why is this not a challenge? Because that's what Wal-Mart is doing every day a billion times over: adding up sales and producing a slip that says: 'you bought soandso for thisandthat price'. That's how they run their stock and they are -very- efficient at it.

To say that you can't make software that runs a counter for every name entered and do this in a robust and safe way is tantamount to saying you're working for the people defrauding the public.

The fact that we're talking about malfunctioning voting machines in America... wake the hell up, people.

Here's a secure way of voting, like it has been done for decades in real democracies: take a large piece of paper, listing all the names people can vote for.

Make it so that there is a totally non-ambiguous way to cast a vote: color a field next to the name to indicate a vote.

Have people from the community come in and count the votes while being supervised by officials representing all parties so that every vote is actually counted.

It takes a bit more time, but you simply can't miss.

This is about democracy, about the vote of the people, it's important to get it right and to be absolutely sure that you get it right -every time-.

And another thing: make the vote compulsory for every adult. Make sure -all the voices- in society are heard instead of a small subset. That would change the political landscape in a real hell of a hurry.

Makes me think of Man of the Year (2006 film), where the presidential candidate wins the electronically conducted election because the double letters in his name (doBBs) came first alphabetically when compared to the double letter patterns in other candidate names.

Congrats. You've just proven the opposite of what you are trying to argue.

Clearly it's very possible for programmers to be so incompetent that they can't understand the real problem they are being asked to solve.

No voting machine can ever be secure, reliable, transparent and publicly accountable. That's why we have these tried and proven systems with pieces of paper and ballot boxes. It ain't perfect, but if you think it can be reliably replaced by information technology, you don't understand information technology.

Seriously, end of story. For a while at least. There are some variants worth exploring where voters can exchange ballots with each other even more frequently; however, let's take things step by step and adopt widespread use of three ballot first.

* There are paper ballots and electronic ballots. E-voting with machines is typically a combination of a machine and paper ballot or paper receipt.

* A voting system is NOT a simple counting machine for scalar numbers.

* E-voting over the internet would be efficient, fast, flexible, and convenient. It would also be difficult to design: there is always the potential security risk in the various processes regarding gathering votes, tallying them or verifying the results. For every system made, someone can break it at its weakest point. An unfortunate truth.

3. The key is designing a system that is 'good enough', but that does not necessarily mean 'simple'. I propose to have a standardized, open source, code-checking, anonymous system that provides end-to-end encryption and reciprocally, user-authentication using a public key exchange.

Before even counting the vote, the voter would have a receipt in the same way the Red Cross has people place a sticker to confirm blood donation. For redundancy, and in the case of doubt or a potential compromise of validity, a peer-to-peer verification process could be used to resolve claims and report discrepancies (ie: fraud).

With this type of system, even if everything were checked and correct, the fraud could happen at announcement time.

Even if we had FRANCE hold all of the US registration/voting server clusters and tally our votes, they could still be bought off by some malfeasant political person, group or interest.

There is no end to treachery. 'Locks keep the honest people out'. At a certain point, the voter base has to be satisfied with the answer.

It's going to come down to a gut reaction.

4. There are open source e-voting systems being designed already, but without encryption, anonymity, or peer-validation, what use are they except as a study for something better?

For a given voting system, the key to providing both anonymity and authentication is to make temporary accounts and necessarily decouple the registration database user info (which will reveal a true identity) with the anonymous votes in the voting database. Put the registration database in one affiliate country and the voting one in another affiliate country. Having three countries involved provides the necessary balance of jurisdiction to create an imbalance of potential fraud.

It's not perfect but it's a hell of a lot better than Diebold, which is imo one of the most irresponsible companies in the known universe.

Vote Application
1. Voter enters unique id
2. Voter votes
3. Vote is associated with unique id
4. Voter is given a printout of unique id
5. Voter total is kept

Vote Verification Application
1. Compare totals from Validation Application and Vote Application
2. Publish all of the results to the public

None of these steps are difficult.

Validation Application:
Step 1 could be done the same way we do it now
Step 2 we could just have a pile of randomized unique ids with bar codes stored in envelopes which are handed to each voter
Step 3 what programmer hasn't kept a running total?

Voter Application:
Step 1 just scan the bar code
Step 2 make a simple easy to use user interface (there are already plenty of existing examples to borrow from)
Step 3 Unique_Id table has unique_id column; Vote table has a unique_id foreign key (one to many relationship: one person votes for president, senator, house representatives, and dog catcher's raise, for example)
Step 4 just like printing a receipt for a voter's personal records

Vote Verification Application:
Step 1 Get the totals from the other two applications
Step 2 This can be done on a web page and in public places like libraries. People can see that their vote was counted correctly and they can compare voter totals from each application
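The comparison in "Vote Verification Application" step 1, sketched as an added example that is not part of the comment above or of any real voting system. It assumes the Unique_Id table holds the pool of printed envelope ids and that the validation application reports only a head count; the ids, contests and choices are constructed sample data.

```python
import sqlite3

# Constructed sample data (not from the page). ISSUED is the pool of printed
# envelope ids; VOTES is what the vote application published.
ISSUED = ["7F3K", "Q2ZD", "M8XA", "T5RB"]
VOTES = [
    ("7F3K", "president", "X"), ("7F3K", "senator", "Y"),
    ("Q2ZD", "president", "X"),
    ("M8XA", "president", "Z"), ("M8XA", "president", "Z"),  # same id twice
    ("ZZZZ", "president", "Z"),                              # id never printed
]

def build_db(issued=ISSUED, votes=VOTES):
    """Load published rows into the comment's two tables. No constraints are
    declared: the verifier must not assume the vote application enforced any."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE unique_id (unique_id TEXT);
        CREATE TABLE vote (unique_id TEXT, contest TEXT, choice TEXT);
    """)
    db.executemany("INSERT INTO unique_id VALUES (?)", [(i,) for i in issued])
    db.executemany("INSERT INTO vote VALUES (?, ?, ?)", votes)
    return db

def audit(db, validation_total):
    """Verification step 1: compare totals, then find rows that explain a gap."""
    def q(sql):
        return db.execute(sql).fetchall()
    ballots = q("SELECT COUNT(DISTINCT unique_id) FROM vote")[0][0]
    return {
        "ballots_cast": ballots,
        "totals_match": ballots == validation_total,
        "unissued_ids": [r[0] for r in q(
            "SELECT DISTINCT v.unique_id FROM vote v LEFT JOIN unique_id u"
            " ON u.unique_id = v.unique_id WHERE u.unique_id IS NULL ORDER BY 1")],
        "double_votes": q(
            "SELECT unique_id, contest, COUNT(*) FROM vote"
            " GROUP BY unique_id, contest HAVING COUNT(*) > 1 ORDER BY 1, 2"),
        "raw_tally": q(
            "SELECT contest, choice, COUNT(*) FROM vote"
            " GROUP BY contest, choice ORDER BY 1, 2"),
    }

if __name__ == "__main__":
    # The validation application checked in 3 voters (constructed figure).
    for key, value in audit(build_db(), validation_total=3).items():
        print(f"{key}: {value}")
```

A clean election in this model has `totals_match` true and both anomaly lists empty; the raw tally is only meaningful once that holds.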

That's ridiculous. There's nothing difficult about it. "It's not voting, it's E-VOTING. And it involves the INTERNET. It's DIFFICULT. Ooooooh." What a load of crap. I bet Tic-Tac-Toe would be difficult too if it were "E3T over the Internet." Total fucking bullshit. A junior high student could code it.

One person, one vote. Leave a paper trail. Those are your requirements. That's IT. If you submitted something that basic to Rails Rumble next weekend, you wouldn't stand a chance in the competition because you wouldn't be working hard enough.

Dear Anonymous: You're on to something. You're analyzing both the problem AND the viable solutions. Instead of running out to grab the latest quick fix, we need to look at the big picture. We need tighter, better, wiser controls. And we need to fix our election laws to protect us from machine and human error, and HUMAN INTERPRETATION of election results. Computers, paper, people will fail…our laws must trigger automatic re-voting when they do.